DETAILED ACTION

1. This action is in response to the amendment and argument filed on 16 March 2009.

2. Claims 1-8, 10-12, 14-26 remain rejected. 

3. Claims 1, 10, 14, 18, 22-23 have been amended. 

Responses to the Argument 

4. The applicant's arguments filed on 16 March, 2009 have been fully considered but they 
are not persuasive. In the Remarks, the applicant has argued in substance: 

Arguments (Page 1-8): 

(a) No arguments were made but applicant explained the invention in detail. 
Response: 

(a) N/A 

Arguments (Page 8-15): 

(a) "Leung fails to describe a distribution of the actual internet protocol security 
service and its associated key management to different device. Specially, Leung fails to describe 
or suggest an arrangement which the security association management application divided into 
a management client and a management server".

(b) "The teaching of Leung fails to mention that the security association or 
authentication services are handled by the server's internet security service".

(c) "Leung fails to discloses or suggest, "at least one management client configured 
to issue, in response communication received at said application device from a user equipment 
via a session key management key protocol". 

Response: 

(a) By definition, "internet protocol security" means how, or by what rules, parties
communicate securely in a remote environment. Leung describes rules for how a security
association may be sent to the network device to permit authentication of the mobile node.
Alternatively, authentication of the mobile node may be performed at the server by
applying the security association. So, this is the same function as in the current claim
(Leung col 6, lines 56-60).

(b) Leung clearly mentioned security association between mobile device and server 
(Leung col 7, lines 16-22). 

(c) The response is sent by the server to the home agent (see column 7, lines 33-50). 
Since the security associations may comprise keys (see column 7, line 67), this uses a session
key management protocol. 

Claim Rejections - 35 USC §102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

Claims 1, 10, 14, 16, 18, 21-26 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S.
Patent No. 6,760,444 to Leung et al.

As per claims 1, 10, 14, 16, 18, Leung discloses an interaction between a Home Agent
(the application device comprising management clients) that is connected to a server (the service 
device) via a communications network (see column 6, lines 24-26) and one or more wireless 
clients. The Home Agent may contact the server with a request for services such as creating (see 
column 2, line 58 to column 3, line 16) and managing security associations or authentication 
services (handled by the server's internet protocol security services) and receive in return a 
security association (see column 7, lines 16-32). The response is sent by the server to the home 
agent (see column 7, lines 33-50). Since the security associations may comprise keys (see
column 7, line 67), this uses a session key management protocol.

Leung discloses (Leung, abstract, "The security association may be sent to the network
device to permit authentication of the mobile node. Alternatively, authentication of the mobile
node may be performed at the server by applying the security association"), where "node" is the
unit, as claimed.

In regard to claim 21, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
wherein said internet protocol security service unit is deployed in a service device (Leung, col 
6, lines 29-36, "In addition to providing a centralized server which is capable of storing security- 
associations for multiple Home Agents, the centralized server may provide further services. By 
way of example, the centralized server may provide authentication services and/or authorization 
services. While authentication determines who an entity is, authorization determines what 
services a user is allowed to perform, or access"); 

- receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with said 
providing the one or more internet protocol security services, to said received security 
association management requests (Leung, col 7, lines 35-47, "At step 714, the server receives 
the packet identifying the mobile node (e.g., an authorization request packet) from the Home 
Agent. . . . send the security association to the Home Agent for authentication of the mobile node 
(716). The server constructs a packet in the appropriate format (e.g., a TACACS+ authorization 
reply packet) and includes the security association"). 

In regard to claim 22, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
said internet protocol security service unit being deployed in a service device (Leung, col 6, 
lines 29-36, "In addition to providing a centralized server which is capable of storing security- 
associations for multiple Home Agents, the centralized server may provide further services. By 
way of example, the centralized server may provide authentication services and/or authorization 
services. While authentication determines who an entity is, authorization determines what
services a user is allowed to perform, or access"); 

- issuing security association management requests to create and manage, with a 
session key management protocol, security associations for use by said provided internet 
protocol security services, from at least one management client, said at least one management 
client being deployed in an application device (Leung, col 7, lines 54-61, "The security 
association may be retrieved from the server each time mobile node 702 sends a fresh 
registration request. To reduce the effort associated with this, the security association may be 
temporarily loaded into memory (e.g., a portion of DRAM) of the Home Agent. In this manner, 
some transfers of security associations from the server to the Home Agent are eliminated"); 

- receiving in a management server said security association management requests 
issued from said at least one management client (Leung, col 7, lines 35-47, "At step 714, the 
server receives the packet identifying the mobile node (e.g., an authorization request packet) 

from the Home Agent appropriate format (e.g., a TACACS+ authorization reply packet) and 

includes the security association"). 

- responding, in connection with said internet protocol security service unit, to said 
security association management requests received at said management server, said 
management server being deployed in said service device, wherein said application device is 
connected to said service device by a communication network (Leung, col 4, lines 33-45, 
"While authentication determines who an entity is, authorization determines what services a user 
is allowed to perform, or access. ... available at http://www.ietf.org/internet-drafts/draft-grant-tacacs-02.txt, describes").

In regard to claim 23, Leung discloses: 

- issuing, from at least one management client deployed in an application device, 
security association management requests to create and manage, with a session key 
management protocol, security associations for use by one or more internet protocol security 
services comprising at least one of authentication services and encryption services provided by 
an internet protocol security service unit external to said application device (Leung, col 7, lines 
62-68, "A suitable algorithm for clearing security associations from the Home Agent's memory
may be employed (e.g., a least recently used (LRU) algorithm). While this approach can reduce
traffic between server and Home Agent—and thereby eliminate attendant delay—it must also
account for modifications of security associations (e.g., keys) on the server");

Application/Control Number: 10/720,054
Art Unit: 2434

- communicating at least one of said issued security association management requests 
to a management server external to said application device, said management server 
configured to respond to said security association management requests in connection with 
said internet protocol security service unit (Leung, col 10, lines 18-24, "an architecture having a 
single processor that handles communications as well as routing computations, etc. would also 
be acceptable. Further, other types of interfaces and media could also be used with the router. 
Still further, in some cases, the invention can be implemented on network devices other than 
routers"). 

In regard to claim 24, Leung discloses: 

- providing one or more internet protocol security services comprising at least one of 
authentication services and encryption services from an internet protocol security service unit, 
said internet protocol security service unit being deployed in a service device (Leung, col 8, 
lines 17-26, "FIG. 8 is a process flow diagram illustrating the steps performed ... server are
illustrated along vertical line 806. Again, the server is preferably an AAA server that can provide 
authorization and accounting services as well as authentication services"); 

- receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with said 
providing the one or more internet protocol security services, to said received security 
association management requests (Leung, col 7, lines 35-47, "At step 714, the server receives 
the packet identifying the mobile node (e.g., an authorization request packet) from the Home 

Agent appropriate format (e.g., a TACACS+ authorization reply packet) and includes the 

security association"). 

In regard to claim 25, Leung discloses: 

- managing means for issuing security association management requests to create and 
manage, with a session key management protocol, security associations for use by one or more 
internet protocol security services comprising at least one of authentication services and
encryption services provided by an internet protocol security service means external to said 
apparatus (Leung, col 7, lines 35-47, "At step 714, the server receives the packet identifying the 

mobile node (e.g., an authorization request packet) from the Home Agent the security 

association"). 

- communicating means for communicating said issued security association 
management requests to a management server external to said apparatus, said management 
server configured to respond to said security association management requests in connection 
with said internet protocol security service means (Leung, col 10, lines 18-24, "an architecture 
having a single processor that handles communications as well as routing computations, etc. 
would also be acceptable. Further, other types of interfaces and media could also be used with 
the router. Still further, in some cases, the invention can be implemented on network devices 
other than routers"). 

In regard to claim 26, Leung discloses: 

- internet protocol security service means for providing one or more internet protocol
security services comprising at least one of authentication services and encryption services 
(Leung, col 6, lines 32-36, "the centralized server may provide authentication services and/or 
authorization services. While authentication determines who an entity is, authorization 
determines what services a user is allowed to perform, or access"); 

- receiving means for receiving security association management requests issued from 
at least one management client external to said apparatus and for responding, in connection 
with said internet protocol security service means, to said received security association 
management requests (Leung, col 7, lines 35-47, "At step 714, the server receives the packet
identifying the mobile node (e.g., an authorization request packet) from ... server constructs a 
packet in the appropriate format (e.g., a TACACS+ authorization reply packet) and includes the 
security association"). 



Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claiml7 is rejected under 35 U.S.C. 103(a) as being unpatentable over U.S Patent No. 
6,760,444 to Leung et al. 

Regarding claim 7, Leung does not disclose the structure of the network connecting the 
Home Agents to the servers. 

Official notice is given that it is well-known in the art to implement computer 
connections using a local network. 

Therefore it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to implement Leung's invention using a local network. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A 
shortened statutory period for reply to this final action is set to expire THREE MONTHS from the 
mailing date of this action. In the event a first reply is filed within TWO MONTHS of the 
mailing date of this final action and the advisory action is not mailed until after the end of the 
THREE-MONTH shortened statutory period, then the shortened statutory period will expire on 
the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will the statutory 
period for reply expire later than SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure (See form "PTO-892 Notice of reference cited").

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to MONJOUR RAHIM whose telephone number is (571)270-3890. 
The examiner can normally be reached on 5:30 AM - 3:30 PM (Mo - Th). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Monjour Rahim/ 
Patent Examiner 
Art Unit: 2434 
Date: 07/04/2009 
/Kambiz Zand/ 